ThinkstScapes

• ThinkstScapes Research Roundup - Q1 - 2025

  ThinkstScapes Q1’25Putting it into practiceHomomorphic Encryption across Apple featuresRehan Rishi, Haris Mughees, Fabian Boemer, Karl Tarbe, Nicholas Genise, Akshay Wadia, and Ruiyu Zhu[Code] [Paper] [Video]Beyond the Hook: A Technical Deep Dive into Modern Phishing MethodologiesAlexandre Nesic[Blog] How to Backdoor Large Language ModelsShrivu Shankar[Blog] [Code] Buccaneers of the Binary: Plundering Compiler Optimizations for Decompilation TreasureZion Leonahenahe Basque[Code] [Video]Software Screws Around, Reverse Engineering Finds Out: How Independent, Adversarial Research Informs Government RegulationAndy Sellars and Michael A. Specter[Video] [Website]Understanding things all the way downPhantomLiDAR: Cross-modality Signal Injection Attacks against LiDARZizhi Jin, Qinhong Jiang, Xuancun Lu, Chen Yan, Xiaoyu Ji, and Wenyuan Xu[Paper] [Demo Videos]Full-stack Reverse Engineering of the Original Microsoft XboxMarkus Gaasedelen[Video]Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of ChinaShencha Fan, Jackson Sippe, Sakamoto San, Jade Sheffey, David Fifield, Amir Houmansadr, Elson Wedwards, and Eric Wustrow[Paper]Scaling software (in)securityLow-Effort Denial of Service with RecursionAlexis Challande and Brad Swain[Paper] [Video]Is this memory safety here in the room with us?Thomas Dullien (Halvar Flake)[Slides] [Video]How to gain code execution on millions of people and hundreds of popular appsEva[Blog]Node is a loaderTom Steele[Blog]Mixing up Public and Private Keys in OpenID Connect deploymentsHanno Böck[Blog] [Code]Nifty sundriesWill It Run? Fooling EDRs With Command Lines Using Empirical DataWietze Beukema[Tool site] [Code] [Video]Homoglyph-Based Attacks: Circumventing LLM DetectorsAldan Creo[Paper] [Code] [Video]28 Months Later - The Ongoing Evolution of Russia's Cyber OperationsThe Grugq[Slides] [Podcast interview]‘It's Not Paranoia If They're Really After You’: When Announcing Deception Technology Can Change Attacker DecisionsAndrew Reeves and Debi Ashenden[Paper]Off-Path TCP Hijacking in Wi-Fi Networks: A Packet-Size Side Channel AttackZiqiang Wang, Xuewei Feng, Qi Li, Kun Sun, Yuxiang Yang, Mengyuan Li, Ganqiu Du, Ke Xu, and Jianping Wu[Paper] [Code]

  --------  

  29:56
• ThinkstScapes Research Roundup - Q4 - 2024

  ThinkstScapes Q4’24Wins and losses in the Microsoft ecosystemPointer Problems - Why We’re Refactoring the Windows KernelJoe Bialek[Video]Defending off the landCasey Smith, Jacob Torrey, and Marco Slaviero[Slides] [Code]Unveiling the Power of Intune: Leveraging Intune for Breaking Into Your Cloud and On-PremiseYuya Chudo[Slides] [Code]From Simulation to Tenant TakeoverVaisha Bernard[Video]From Convenience to Contagion: The Libarchive Vulnerabilities Lurking in Windows 11NiNi Chen[Slides] [Video]LLM hype continues, as do the security issuesThings we learned about LLMs in 2024Simon Willison[Blog]AI Meets Git: Unmasking Security Flaws in Qodo MergeNils Amiet[Slides] [Video] [Blog]Suicide Bot: New AI Attack Causes LLM to Provide Potential “Self-Harm” InstructionsGadi Evron[Blog]Diving deep, then diving deeperBreaking NATO Radio EncryptionLukas Stennes[Paper] [Video]Exploiting File Writes in Hardened EnvironmentsStefan Schiller[Blog] [Video]Hacking yourself a satellite - recovering BEESAT-1PistonMiner[Video]IRIS: Non-Destructive Inspection of SiliconAndrew 'bunnie' Huang[Blog] [Paper] [Video]SQL Injection Isn't DeadPaul Gerste[Slides] [Video]Nifty sundriesWhat Developers Get for Free?Louis Nyffenegger[Video]Dialing into the Past: RCE via the Fax Machine – Because Why Not?Rick de Jager and Carlo Meijer[Video]Broken isolation - Draining your Credentials from Popular macOS Password ManagersWojciech Reguła[Slides] [Video]I'll Be There for You! Perpetual Availability in the A8 MVX SystemAndré Rösti, Stijn Volckaert, Michael Franz, and Alexios Voulimeneas[Code] [Paper]Exploring and Exploiting an Android “Smart POS” Payment TerminalJacopo Jannone[Video]

  --------  

  37:58
• ThinkstScapes Research Roundup - Q3 - 2024

  Themes covered in this episodeEdge cases at scale still matterWorks from this theme exploit rarely-occurring issues, but with an internet-wide aperture to end up with impressive results. Look for: mechanising bit-squatting; static code analysis for vulnerabilities across all browser extensions, or across web ecosystems; and how Let’s Encrypt worries about revoking and reissuing 400M certificates in a week.Going above and beyondTalks and papers often use state-of-the-art tooling to measure/detect an interesting phenomenon. This theme highlights four works that could have followed that path, but also built robust tooling/research data to help others push the state-of-the-art forward. Look for: large scale collection and remediation of dangling domains and static secret leaks, preventing memory-corruption vulnerabilities across the Android ecosystem, remote timing attack frameworks, and SSH testing at scale.What goes on behind the curtain can be dangerousModern IT systems are composed of many layers. Usually the details at lower levels can be abstracted and safely put out of mind. This theme highlights work that shows that what happens in these oft-ignored places can have significant impacts. See: AWS-internal resources built on your behalf, BGP security weaknesses, stealthy hardware backdoors in access control systems spanning over 15 years, Wi-Fi management plane vulnerabilities, VPN-OS interactions, and a legacy file-system hack in Windows.Nifty sundriesAs always, we wanted to showcase work that didn’t fit into the major themes of this issue. We cover: bypassing voice authentication with only a picture of the victim’s face, racking up bills on locked credit cards, email parsing confusion, scanning IPv6, and a timing attack on remote web clients.Edge cases at scale still matterFlipping Bits: Your Credentials Are Certainly MineJoohoi and STÖK[Code] [Video]Universal Code Execution by Chaining Messages in Browser ExtensionsEugene Lim[Blog] [Video]CVE Hunting Made EasyEddie Zhang[Blog] [Code] How To Revoke And Replace 400 Million Certificates Without Breaking The InternetAaron Gable[Slides] [Video]Going above and beyondSecrets and Shadows: Leveraging Big Data for Vulnerability Discovery at ScaleBill Demirkapi[Blog]Eliminating Memory Safety Vulnerabilities at the SourceJeff Vander Stoep and Alex Rebert[Blog]Listen to the Whispers: Web Timing Attacks that Actually WorkJames Kettle[Slides] [Paper] [Code]Secure Shells in ShamblesHD Moore and Rob King[Slides] [Code] [Video]What goes on behind the curtain can be dangerousBreaching AWS Accounts Through Shadow ResourcesYakir Kadkoda, Michael Katchinskiy, and Ofek Itach[Slides] [Code]Crashing the Party: Vulnerabilities in RPKI ValidationNiklas Vogel, Donika Mirdita, Haya Schulmann, and Michael Waidner[Slides] [Paper]MIFARE Classic: exposing the static encrypted nonce variant... and a few hardware backdoorsPhilippe Teuwen[Blog] [Paper] [Code]Fallen Tower of Babel: Rooting Wireless Mesh Networks by Abusing Heterogeneous Control ProtocolsXin'an Zhou, Zhiyun Qian, Juefei Pu, Qing Deng, Srikanth Krishnamurthy, and Keyu Man[Slides] [Paper] [Code]Attacking Connection Tracking Frameworks as used by Virtual Private NetworksBenjamin Mixon-Baca, Jeffrey Knockel, Diwen Xue, Deepak Kapur, Roya Ensafi, and Jed Crandall[Paper]MagicDot: A Hacker's Magic Show of Disappearing Dots and SpacesOr Yair[Slides] [Blog] [Video] [Code]Nifty sundriesCan I Hear Your Face? Pervasive Attack on Voice Authentication Systems with a Single Face ImageNan Jiang, Bangjie Sun, Terence Sim, and Jun Han[Paper] [Code]In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free ShoppingRaja Hasnain Anwar, Syed Rafiul Hussain, and Muhammad Taqi Raza[Slides] [Paper]Splitting the Email Atom: Exploiting Parsers to Bypass Access ControlsGareth Heyes[Slides] [Paper] [Code]6Sense: Internet-Wide IPv6 Scanning and its Security ApplicationsGrant Williams, Mert Erdemir, Amanda Hsu, Shraddha Bhat, Abhishek Bhaskar, Frank Li, and Paul Pearce[Slides] [Paper] [Code]SnailLoad: Anyone on the Internet Can Learn What You're DoingDaniel Gruss and Stefan Gast[Slides] [Paper]ConclusionsWhile we started off 2024 with a modest amount of high-quality works, this has scaled up significantly. As conference publications increase, we do see a slight decline in the number of blogs; there does appear to be some inverse correlation between the two tallies.We highlighted three themes for this quarter:Rare events that happen at internet-scale have big impacts.Going above and beyond in tooling development.Cross-layer gotchas.We’re looking forward to seeing how the year closes out with our year in review and the final quarter of 2024. 

  --------  

  36:48
• ThinkstScapes Research Roundup - Q2 - 2024

  AI/ML in securityInjecting into LLM-adjacent componentsJohann Rehberger[Blog 1] [Blog 2]Teams of LLM Agents can Exploit Zero-Day VulnerabilitiesRichard Fang, Rohan Bindu, Akul Gupta, Qiusi Zhan, and Daniel Kang[Paper] Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models Sergei Glazunov and Mark Brand[Blog] LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and BenchmarksSaad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse Kivilcim Coskun, and Gianluca Stringhini[Paper] [Code]The Impact of Backdoor Poisoning Vulnerabilities on AI-Based Threat DetectorsDmitrijs Trizna, Luca Demetrio, Battista Biggio, and Fabio Roli[Slides] [Paper] [Code]Looking at the whole systemSystems Alchemy: The Transmutation of HackingThaddeus grugq[Video]The Boom, the Bust, the Adjust and the UnknownMaor Shwartz[Slides]Poisoning Web-Scale Training Datasets is PracticalNicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum Anderson, Andreas Terzis, Kurt Thomas, and Florian Tramèr[Paper]Intercloud Identities: The Risks and Mitigations of Access Between Cloud ProvidersNoam Dahan and Ari Eitan[Video]New modalities with which to inflict painGPU.zip: On the Side-Channel Implications of Hardware-Based Graphical Data CompressionYingchen Wang, Riccardo Paccagnella, Zhao Gang, Willy R. Vasquez, David Kohlbrenner, Hovav Shacham, and Christopher W. Fletcher[Paper]AquaSonic: Acoustic Manipulation of Underwater Data Center Operations and Resource ManagementJennifer Sheldon, Weidong Zhu, Adnan Abdullah, Sri Hrushikesh Varma Bhupathiraju, Takeshi Sugawara, Kevin Butler, Md Jahidul Islam, and Sara Rampazzi[Paper] [Video]Video-Based Cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED Captured By Standard Video CamerasBen Nassi, Etay Iluz, Or Cohen, Ofek Vayner, Dudi Nassi, Boris Zadov, and Yuval Elovici[Site] [Paper] [Video]Old components showing the strainExploiting Sequence Number Leakage: TCP Hijacking in NAT-Enabled Wi-Fi NetworksYuxiang Yang, Xuewei Feng, Qi Li, Kun Sun, Ziqiang Wang, and Ke Xu[Blog] [Paper] Reliable Payload Transmission Past the Spoofed TCP HandshakeYepeng Pan and Christian Rossow[Paper] [Code]Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing DifferentialsDavid Klein and Martin Johns[Paper] [Code]Practical Exploitation of Registry Vulnerabilities in the Windows KernelMateusz Jurczyk[Blog] [Video]Nifty sundriesAn Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat LandscapeSifat Muhammad Abdullah, Aravind Cheruvu, Shravya Kanchi, Taejoong Chung, Peng Gao, Murtuza Jadliwala, and Bimal Viswanath[Code] [Paper]Tracking illicit phishermen in the deep blue AzureJacob Torrey[Slides] [Code]SEVeriFast: Minimizing the root of trust for fast startup of SEV microVMsBenjamin Holmes, Jason Waterman, and Dan Williams[Paper] [Code]Certiception: The ADCS Honeypot We Always WantedBalthasar Martin and Niklas van Dornick[Blog] [Code] [Slides]

  --------  

  31:36
• ThinkstScapes Research Roundup - Q1 - 2024

  Revealing more than anticipated, and preventing prying eyesPrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction SoundMan Zhou, Shuao Su, Qian Wang, Qi Li, Yuting Zhou, Xiaojing Ma, and Zhengxiong Li[Paper]ModelGuard: Information-Theoretic Defense Against Model Extraction AttacksMinxue Tang, Anna Dai, Louis DiValentin, Aolin Ding, Amin Hass, Neil Zhenqiang Gong, Yiran Chen, and Hai Li[Paper] [Code]RECORD: A RECeption-Only Region Determination Attack on LEO Satellite UsersEric Jedermann, Martin Strohmeier, Vincent Lenders, and Jens Schmitt[Code] [Paper]Private web search with TiptoeAlexandra Henzinger, Emma Dauterman, Henry Corrigan-Gibbs, and Nickolai Zeldovich[Slides] [Paper] [Video] [Code]Can Virtual Reality Protect Users from Keystroke Inference Attacks?Zhuolin Yang, Zain Sarwar, Iris Hwang, Ronik Bhaskar, Ben Y. Zhao, and Haitao Zheng[Website] [Paper]Backtrace in Time: Revealing Attackers’ Sleep Patterns and Days Off in RDP Brute-Force Attacks with Calendar HeatmapsAndréanne Bergeron[Code] [Blog] [Video]Taking another look with a fresh perspectiveBreaking HTTP Servers, Proxies, and Load Balancers Using the HTTP GardenBen Kallus and Prashant Anantharaman[Code] [Video]Compiler Backdooring For BeginnersMarion Marschalek[Video]Revisiting 2017: AI and Security, 7 years laterThomas Dullien[Video]Automated Large-Scale Analysis of Cookie Notice ComplianceAhmed Bouhoula, Karel Kubicek, Amit Zac, Carlos Cotrini, and David Basin[Paper] [Code Access]Turning Windows into doorsLSA WhispererEvan McBroom[Slides] [Blog] [Code]Wishing: Webhook Phishing in TeamsMatthew Eidelberg[Blog] [Code]Misconfiguration Manager: Overlooked and OverprivilegedDuane Michael and Chris Thompson[Slides] [Blog] [Code]Smoke and Mirrors: How to hide in Microsoft AzureAled Mehta and Christian Philipov[Video]Nifty sundriesBackdoor in XZ Utils allows RCE: everything you need to knowAndres Freund, Merav Bar, Amitai Cohen, Danielle Aminov, and Russ Cox[Initial Disclosure] [Wiz Blog] [Timeline]More Money, Fewer FOSS Security Problems? The Data, Such As It IsJohn Speed Meyers, Sara Ann Brackett, and Stewart Scott[Video]MUDding Around: Hacking for gold in text-based gamesUnix-ninja[Blog]DeGPT: Optimizing Decompiler Output with LLMPeiwei Hu, Ruigang Liang, and Kai Chen[Paper]

  --------  

  25:09

More Technology podcasts

Trending Technology podcasts

About ThinkstScapes